Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple m
A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handle
Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-37119
CRITICAL CVSS 9.8
Missing Authorization vulnerability in Uncanny Owl Uncanny Automator Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Uncanny Automator Pro: from n/a thro
An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. While removal of all role mappings is unlikely, it could o
A vulnerability was determined in OWASP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulatio
A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This m
A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an att
CVE-2024-9142
CRITICAL CVSS 9.4
External Control of File Name or Path, Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. Th
CVE-2025-34039
CRITICAL CVSS 10.0
A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet allows
Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Robo Gallery: from n/a through 3.2.9.
An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data
CVE-2025-7393
CRITICAL CVSS 9.8
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force. This issue affects Mail Login: from 3.0.0 before 3.2.0, from 4.0.0 before 4.2.0.
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Atarim: from n/a through
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Atarim: from n/a through
A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions
Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allow a local authenticated attacker to achieve local privilege escalation.
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks. This issue affects Newspack Blocks: from n/a through 3.0.8.
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.